zstack-cli
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates environment management by executing the
zstackbinary, including instructions for local builds usinggo buildin a specific user directory. - [COMMAND_EXECUTION]: Provides interactive access to managed environments via the
zstack shellcommand. - [CREDENTIALS_UNSAFE]: Orchestrates authentication workflows using
zstack auth loginwhich processes email and password credentials, and supports the creation of scoped API tokens. - [DATA_EXFILTRATION]: Exposes high-privilege data access commands including
zstack secrets list,zstack files downloadfor retrieving environment files, andzstack db queryfor executing arbitrary SQL. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating untrusted parameters such as environment IDs, branch names, and hostnames into shell commands. Ingestion points: User-provided arguments for environment, branch, and domain commands. Boundary markers: None present. Capability inventory: Runtime shell access, database queries, file downloads, and secret listing. Sanitization: None described; safety depends on the underlying CLI implementation.
Audit Metadata